Investigate and document envvar issues with tor-config

The tor-config crate's CfgPath type uses directories to look up locations on disk. In conformance with various standards, directories looks at the environment in order to see where it's supposed to put things.

Back RUSTSEC-2020-0159, everbody hit a different issue with safety and the environment. In this case, the problem was that a crate was calling a C API that looked at the environment, and the environment is not threadsafe in C. I think we're in the clear, but we should check.

We should, at the very least, document that we'll look at the environment here.